Firewall Wizards mailing list archives
Re: NAT sanity check
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 5 Nov 2007 16:18:00 -0500
I've got a /29 public network, addresses (say) .2 to .6, with default
gateway of .1. Can I
place a Checkpoint firewall on .2 and have it use the remaining addresses
for NAT'd services
on the other side of the firewall?
Sure, you can use .3-.6 for publishing services to the internet (Check Point calls it "static NAT") and use .2 for the firewall's outside interface and also for outbound network traffic (Check Point calls this "hide NAT"). With a /29 subnet, the first and eighth addresses (.0 and .7) are reserved and cannot be used.
Also, would it work if the firewall was a PIX?
Yes. PaulM _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NAT sanity check David Steele (Nov 05)
- Re: NAT sanity check Darden, Patrick S. (Nov 07)
- Re: NAT sanity check James (Nov 07)
- Re: NAT sanity check Paul Melson (Nov 07)
- <Possible follow-ups>
- Re: NAT sanity check Halchishak, John (Nov 07)